[redsolver]

Maybe you are interested in this little PoC I made a while ago which instead sends a one-time-auth code using Matrix: https://loginwithmatrix.tiktalk.space/

[remram]

Just tried it and never got a code. Is the source available for this?

[ptman]

See https://matrix-login.lyc.fi , comes with source

[redsolver]

The implementation is very simple, it just uses the Matrix SDK to create a direct chat and send a message.

[ushakov]

this does not authenticate me on the homeserver and does not grant a token

nice concept, but useless for applications

[redsolver]

It does prove that you own the specific matrix id you are logging in with to the website. It can for example be used as an alternative everywhere where "Sign in with Google" is used, so I don't understand why it should be useless for applications.

[ushakov]

"Sign in with Google" also grants you access token you can use to access Google APIs on behalf of the user

sorry, but your concept doesn't

[MakiXx]

Aren't you supposed to use "Sign in with Google" or which ever service to prove to the app that you own your unique id (e.g. email)? If you want Google APIs, then that's a completely different scope here.

[LogonType10]

On a similar note, check out this PoC I found that steals Matrix credentials: https://github.com/mishushakov/signin-with-matrix